The race is on to deliver a version of the Linux open-source operating system that will be more secure than any of its predecessors but also manageable and affordable enough to garner widespread acceptance. Linux developer MandrakeSoft SA and a consortium of European software makers have tossed their hat into the ring, as has Trusted Computer Solutions Inc., a maker of software used by government agencies and businesses to securely transfer sensitive data.
Funded by the French Ministry of Defense via a three-year, $8.6 million (7 million euro) contract, MandrakeSoft, along with system and software developers Bertin Technologies Group, Jaluna and Surlog, plan to develop a Linux-based operating system that meets Evaluation Assurance Level 5 of the Common Criteria, known by the designation CC-EAL5. Oppida, a service provider accredited by the French National Security Agency, will evaluate the new operating system against the international Common Criteria standard for IT security, also known as International Standards Organization 15408.
Trusted Computer Solutions' time frame is a bit tighter, as the company plans to release a beta version of its Trusted Linux operating system by the end of this year. The company plans to offer a generally available version early next year.
Trusted Computer Solutions began developing a more secure version of Linux to run underneath its SecureOffice data-sharing applications. The company expects TCS Trusted Linux will be certified at CC-EAL4.
TCS Trusted Linux, based on the National Security Agency's Security-Enhanced Linux specification, will be certified under the Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile at EAL4.
Analysts caution against blindly believing that security designations will translate into a certain level of security in any given IT environment. EAL indicates the rigor of the evaluation process rather than the actual security capabilities of the system evaluated, Gartner research director Ant Allen wrote in a July research paper about Linux security. What's more important is for users to know which areas of the operating system were evaluated for certification.
"CC certification cannot guarantee that any Linux distro will be free of flaws," Allen wrote. "Bugs and patches are inevitable." Allen also noted that earlier this year, SuSE Linux Enterprise Server 8 with Service Pack 3 was awarded EAL-3+ certification under the Controlled Access Protection Profile.
Much of the highly sensitive data shared today by government agencies is still paper-based, says Ed Hammersla, Total Computer Solutions' chief operating officer. Before the company's SecureOffice apps can address that situation, they need a highly secure operating system that's easy and cost-effective to administer. "We couldn't find an operating system other than Trusted Solaris that met the security requirements for our applications," Hammersla says.
Operating systems that have achieved the "trusted" designation in the past, however, have cost several times more than their less-secure counterparts and been difficult to manage, Hammersla says. Trusted Computer Solutions wants its operating system to appeal to commercial businesses as well as to government agencies, which is why TCS Trusted Linux is being developed on top of Red Hat Inc.'s Fedora Project, according to recognized standards such as Common Criteria.
Trusted Linux will eventually become the mainstream for the operating system, says Tony Stanco, associate director of George Washington University's Cyber Security Policy and Research Institute. "Security is on everyone's radar screen."
As more and more information is networked, the cost and difficulty of deploying a trusted operating system become less problematic than the threat of a security breach, Stanco says. This push toward Trusted Linux will provide the added benefit of driving down the cost to deploy highly secure systems. Says Stanco, "The economics of software are that it will eventually cost the same to implement a secure system as it will to implement a nonsecure one."